PT-2022-25496 · League Of Extraordinary Packages +1 · League/Flysystem +1

Name of the Vulnerable Software and Affected Versions: UniSharp laravel-filemanager aka Laravel Filemanager versions prior to 2.6.4 league/flysystem versions prior to 2.0.0 Description: The issue allows download?working dir=%2F.. directory traversal to read arbitrary files. This has been exploite...

VulnCheck KEV: CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

Remote Code Execution

flysystem is vulnerable to remote code execution. Lack of proper parameter validation in JMSMessageConsumer allows an attacker to upload and execute malicious code on the system under attack, when a configuration uses a JMS Source with a JNDI LDAP data source URI...

Remote Code Execution

flysystem is vulnerable to remote code execution. An attacker is able to upload and execute malicious code on the system under attack via the component File Handler...

GHSA-G377-X8RG-C9MF Deserialization of Untrusted Data in topthink/framework

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

Deserialization of Untrusted Data in topthink/framework

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2022-33107

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2022-33107

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

Deserialization of untrusted data

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2022-33107

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

GHSA-33GC-6CW9-W3G4 Deserialization of Untrusted Data in topthink/framework

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php...

Deserialization of Untrusted Data in topthink/framework

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php...

GHSA-QRVJ-274H-HFCG Deserialization of Untrusted Data in topthink/framework

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

Deserialization of Untrusted Data in topthink/framework

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

CVE-2021-36564

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php...

CVE-2021-36567

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

CVE-2021-36564

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php...

CVE-2021-36567

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

Deserialization of untrusted data

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...